news-details
Technology

Veracode Unveils Innovations to Tackle Security Debt at Black Hat USA Conference

At the Black Hat USA Conference (booth #2536), Veracode, a global leader in application risk management, announced groundbreaking platform innovations designed to help organizations identify, prioritize, and reduce security debt across their expanding attack surface. The newly introduced Universal Connector and Application Security Heatmap, powered by Longbow, offer advanced capabilities for connecting and visualizing critical risks.

Addressing Critical vs Non-Critical Security Debt

New research by Veracode highlights a concerning trend: developers are remediating low-severity flaws more urgently than severe ones. The State of Software Security 2024 Language Snapshot reveals that critical security debt—high-severity flaws unfixed for over a year—poses significant risks to organizational integrity and availability. Notably, critical security debt is more prevalent in third-party code, with 80% of critical debt in Java apps and 63% in JavaScript apps originating from open-source software.

Chris Eng, Chief Research Officer at Veracode, stated, "The combination of mounting security debt, an expanding attack surface made vulnerable by generative AI, and an overwhelming volume of security alerts makes it challenging for organizations to know which application risks to prioritize. Our research shows that many organizations are more focused on remediating low-severity flaws than critical flaws. Security leaders need technology that enables them to effectively uncover and manage application risk, and then reduce that risk by focusing on the issues that matter most across their entire attack surface."

Introducing the Universal Connector and Application Security Heatmap

Veracode's latest innovations aim to address these challenges by providing clear operational insights into assets and issues, allowing remediation actions to be prioritized by quantifiable risk. The Universal Connector enables organizations to quickly integrate disparate source data without waiting for specific connectors. The Application Security Heatmap offers a 90-day risk trend, customizable risk thresholds, and recommendations for the Best Next Action™ to remediate risks.

Derek Maki, Vice President of Product Management at Veracode, commented, "As organizations seek to find and fix mounting critical security debt, the need for risk-focused visibility and prioritization is clear. The new capabilities in the Longbow platform provide our customers with a deeper understanding of an organization’s riskiest applications, plus the unique ability to identify the top five most impactful solutions for improvement."

Enhanced Visibility and Prioritization

Building on the acquisition of Longbow Security in April 2024, Veracode continues to bridge the gap between development and security teams, delivering comprehensive visibility from code repositories to cloud assets and runtime. The Longbow platform also identifies infrastructure-as-code and misconfiguration risks for cloud assets originating from repositories.

The Longbow Universal Connector and Application Security Heatmap are available immediately. For more information, visit the Veracode website or watch the interview with Brian Roche, Veracode Chief Executive Officer, and Derek Maki. The full State of Software Security 2024 Language Snapshot is also available on the Veracode website. Attendees of the Black Hat USA Conference, held from August 3-8, 2024, can learn more about Veracode’s platform at booth

Related News